Date post: 17-Dec-2015
03/26/22 10:25 PM 5864_ER_WHITE.1 Simple use of UML for assisting in the creation of Common Criteria evaluation inputs Karen Sheh CSC Australia

Simple use of UML for assisting in the creation of Common Criteria evaluation inputs

Karen Sheh

CSC Australia

Karen Sheh

• Performs Common Criteria Evaluations within CSC Australia’s Evaluation Facility

• Risk assessments and plans within CSC Australia’s Global Security Solutions team for Australia’s Department of Immigration and Citizenship

Outline

• Part 1

– Introduction

– Related Work

• Part 2

– Ideas for deriving documentation from simple UML

• Part 3

– Summary

– The Way Forward

– Questions and Comments

Part 1

Simple use of UML for assisting in the creation of Common Criteria evaluation inputs

Background

• The Common Criteria (CC) is an internationally recognised standard, with many countries requiring or recommending CC evaluated products be used by their Government Departments.

• However, this standard is often confusing and complex and the production of inputs required for evaluation can be difficult.

• A quick online search of university Computing Degrees shows that many are teaching Software Engineering tools, including basic UML.

Background (cont.)

• Looking at assisting in the production of the Security Target (ST), Functional Specification (FSP) and High Level Design (HLD) documentation.

• Looking at using Use Case diagrams, Class diagrams and Activity diagrams to assist.

• Looking at these diagrams from a Common Criteria perspective rather than a Software Engineering perspective.

Example of Basic UML

• There are 13 UML diagrams in the specification, grouped into three groups (taken from the OMG website on UML).

– Structure Diagrams: describe the structure of a system.

– Behaviour Diagrams: describe the behaviour of a system.

– Interaction Diagrams: describe the interactions within a system.

• The examples that follow use three diagrams that are commonly taught at university and in online tutorials, for use in CC.

Example of Basic UML

• Use Case Diagram

Example of Basic UML

• Class Diagram

Example of Basic UML

• Activity Diagram

Related Work

• Ware, Bowles and Eastman describe the integration of CC threats into the UML Actors of Use Cases.

– Actor profiles

– Threats selected from a pre-defined set that match the actor’s associations

• UMLSec extension to the UML standard.

• Mellado, Fernández-Medina and Piattini analysed eight proposed methods of integrating CC in Software Development.

– They conclude that information security “is usually only tackled from a technical viewpoint at the implementation stage”.

• However, these usually require more specific knowledge than a basic understanding of UML.

Ware, Bowles and Eastman, ‘Security-Critical System Development with Extended Use Cases’, 10th Asian-Pacific Software Engineering Conference, Chiang Mai, Thailand, 2003.

Mellado, Fernández-Medina and Piattini, ‘A Comparison of the Common Criteria with Proposals of Information Systems Security Requirements’, Proceedings of the IEEE Conference on Availability, Reliability and Security (ARES’06), Austria, 2006.

Part 2

Simple use of UML for assisting in the creation of Common Criteria evaluation inputs

Common CC difficulties I have experienced

• These are difficulties that may be helped by the use of UML in the creation of the documents or even within the documents.

– Inconsistent or difficult to understand scope of the Target of Evaluation (TOE) in the ST.

– Inconsistent or difficult to understand interactions within the TOE.

– Missing interfaces or components that have been left off in worded descriptions.

– Multiple interpretations of worded descriptions within the ST, FSP, HLD as to functionality, relationships and scope.

Use of UML in the ST

• Use Case diagrams can be used to define the scope of functionality of the TOE (ASE_INT.1.6C to ASE_INT.1.8C).

– Actors are external entities and Use Cases are in scope of the TOE.

• Use Cases can also be used to help identify the security problem the TOE addresses (ASE_SPD), the Security Objectives of the TOE (ASE_OBJ) and also the Security Functional Requirements (ASE_REQ).

Example

• Identifying scope and possible security problems

Use of UML in the FSP

• The Use Cases can be useful in helping to determine external interfaces.

• Activity diagrams can be useful for identifying the behaviour of the TOE at each external interface (ADV_FSP.2-5).

• Activity Diagrams and Use Cases can be used as evidence to show that the TOE Security Functions (TSFs) derived in the ST are completely represented (ADV_FSP.2-6, ADV_FSP.2-7).

Example

• Identifying external interfaces
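
One way to automate the interface and completeness checks described on the FSP slides, as an added example that is not part of the original presentation: it parses a small PlantUML-style use-case diagram, treats each actor association with a use case inside the TOE boundary as a candidate external interface, and compares the result with the FSP interface list and the SFR trace from the ST. The diagram, the hypothetical TOE, the trace, the interface list and the function names are all constructed for illustration, and the parser handles only the syntax subset shown.

```python
import re
# Constructed PlantUML-style use-case diagram for a hypothetical TOE.
DIAGRAM = """
actor Administrator
actor User
actor LogServer
rectangle TOE {
  (Log in)
  (Manage accounts)
  (View report)
}
Administrator --> (Log in)
User --> (Log in)
Administrator --> (Manage accounts)
User --> (View report)
LogServer --> (Store audit records)
"""
# Assumed ST trace (use case -> SFRs) and FSP interface list, both constructed.
ST_TRACE = {"Log in": ["FIA_UID.2", "FIA_UAU.2"], "Manage accounts": ["FMT_SMR.1"],
            "Store audit records": ["FAU_GEN.1"]}
FSP_INTERFACES = {("Administrator", "Log in"), ("User", "Log in"),
                  ("Administrator", "Manage accounts")}

def parse(diagram):
    """Return (use cases drawn inside the TOE rectangle, actor/use-case links)."""
    in_toe, scope, links = False, set(), set()
    for line in map(str.strip, diagram.splitlines()):
        if re.match(r"rectangle\s+TOE\s*\{", line):
            in_toe = True
        elif line == "}":
            in_toe = False
        elif in_toe and (m := re.fullmatch(r"\((.+)\)", line)):
            scope.add(m.group(1))
        elif m := re.fullmatch(r"(\w+)\s*-+>\s*\((.+)\)", line):
            links.add((m.group(1), m.group(2)))
    return scope, links

def review(diagram, st_trace, fsp_interfaces):
    scope, links = parse(diagram)
    derived = {(a, uc) for a, uc in links if uc in scope}  # crosses the TOE boundary
    traced = {s for uc, sfrs in st_trace.items() if uc in scope for s in sfrs}
    claimed = {s for sfrs in st_trace.values() for s in sfrs}
    return {"missing_from_fsp": sorted(derived - fsp_interfaces),
            "fsp_only": sorted(fsp_interfaces - derived),
            "out_of_scope_use_cases": sorted({uc for _, uc in links} - scope),
            "sfrs_traced_outside_toe": sorted(claimed - traced)}

if __name__ == "__main__":
    print(review(DIAGRAM, ST_TRACE, FSP_INTERFACES))
```

On this sample the check reports that the User / View report interface is absent from the FSP list and that FAU_GEN.1 is traced only to a use case drawn outside the TOE boundary.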

Use of UML in the High Level Design

• HLD can use Class diagrams/cards or a derivative of them as they can map nicely to the subsystems.

• These classes can be directly derived from the Use Case breakdown from the FSP or from Interaction or Activity diagrams.

• They can also be hardware components as these can also be modelled in UML as classes.

Example

• Identifying subsystems

Part 3

Simple use of UML for assisting in the creation of Common Criteria evaluation inputs

Summary

• CC can be complex and difficult to understand for developers and companies considering evaluation.

• The use of Software Engineering tools that developers already use to assist in creating CC documents will increase the accessibility of CC.

• The use of already created Software Engineering artifacts such as UML diagrams will allow CC documents to be more accurate which in turn will reduce costs and time needed for evaluation.

The Way Forward

• Use of UML or other Software Engineering tools to automate the production of CC documents or templates.

• Investigation of how other Software Engineering methods can be used in assisting in the creation of CC documents.

• Encourage Software Engineers to see how Software Engineering tools can be mapped to CC requirements as a method for improving IT Security.

Questions or comments?

• Information on CSC Evaluations and Pre-Evaluation Consultation Services – [email protected]

• Karen Sheh – [email protected]

• Thank you!

